Re: [Exim] bounce from [0.0.0.0]

Author: Philip Hazel
Date:  
To: Adam Henry
CC: exim-users
Subject: Re: [Exim] bounce from [0.0.0.0]

On Sun, 30 Jun 2002, Adam Henry wrote:

> Noticed something I never have seen before, any thoughts? Have a
> closer look at the IP address of the sender. The only harm I think
> this has done is to create a bounce loop, but should I be
> ultra-responsible and contact the DNS admin for E-Finance Network,
> LLC?


Which version of Exim? What is your config file?

> 17OmWi-0008TM-00 (what started it all):


Are you sure? Looks to me as though that *followed* from the original
message (whose id shows an earlier time) that bounced:

> And here is E17OmWf-0008Ss-00:
>
> > 2002-06-30 17:46:36 17OmWf-0008Ss-00 <= bxeasyqual@???
> > H=p17024.net.upc.nl (24.93.200.32) [212.142.17.24] P=smtp S=3134
> > T="Get the LOWEST Mortgage Rate and $ave like never before possible!
> > ynuo" from <bxeasyqual@???> for fryderyka@???


Message arrives.

> >
> > 2002-06-30 17:46:36 17OmWf-0008Ss-00 **
> > "fryderyka%marinar.com"@??? <fryderyka@???>
> > F=<bxeasyqual@???> R=lookuphost T=remote_smtp: SMTP
> > error from remote mailer after RCPT
> > TO:<"fryderyka%marinar.com"@???>: host
> > webslayer.marinar.com [64.241.86.36]: 550
> > <"fryderyka%marinar.com"@???>... User unknown


Relay delivery fails. Looks like some weirdness in the aliasing or
whatever, though. What turns fryderyka@??? into
"fryderyka%marinar.com"@????

> > 2002-06-30 17:46:36 17OmWf-0008Ss-00 Error message sent to
> > bxeasyqual@???


A bounce is generated.

> > 2002-06-30 17:46:36 17OmWf-0008Ss-00 Completed


That looks perfectly normal for a bounce.

Then you have:

> > 2002-06-30 17:46:36 17OmWi-0008TM-00 <= <> H=localhost
> > (intrepid.marinar.com) [127.0.0.1] P=esmtp S=4475
> > id=E17OmWi-0008TH-00@??? T="Mail delivery failed:
> > returning message to sender" from <> for bxeasyqual@???


I assume this follows because 17OmWi is greater than 17OmWf (2 seconds
later). However, that is weird, because Exim doesn't send its bounces by
connecting to 127.0.0.1. It uses a standard input connection. So there's
something unusual going on here.

You need to post more details of your configuration if you want further
comment.


--
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.
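
The reply above orders the two messages by comparing their IDs. As an added example (not part of the original post, and not Exim's own code), the following decodes the time and PID fields of the IDs quoted in the thread and sorts the arrival lines by them. It assumes the base-62 ID encoding of a case-sensitive Exim 3/4 build; `decode_id`, `arrivals` and `SAMPLE` are names made up here.

```python
import re
from datetime import datetime, timezone

# Assumption: a case-sensitive Exim 3/4 build, whose IDs use this base-62 alphabet.
BASE62 = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
ID_RE = re.compile(r"([0-9A-Za-z]{6})-([0-9A-Za-z]{6})-([0-9A-Za-z]{2})")

def b62(text):
    """Decode a base-62 string to an integer."""
    value = 0
    for ch in text:
        value = value * 62 + BASE62.index(ch)
    return value

def decode_id(msg_id):
    """Split an ID into (epoch seconds, PID of the receiving process, suffix)."""
    m = ID_RE.fullmatch(msg_id)
    if m is None:
        raise ValueError(f"not an Exim message ID: {msg_id!r}")
    return b62(m.group(1)), b62(m.group(2)), m.group(3)

def arrivals(log_lines):
    """Return (id, utc_time, pid) for each '<=' arrival line, oldest ID first."""
    seen = {}
    for line in log_lines:
        fields = line.split()
        # Main-log layout: date, time, message ID, flag ('<=' marks reception).
        if len(fields) > 3 and fields[3] == "<=" and ID_RE.fullmatch(fields[2]):
            secs, pid, _ = decode_id(fields[2])
            seen[fields[2]] = (secs, pid)
    ordered = sorted(seen.items(), key=lambda kv: kv[1])
    return [(i, datetime.fromtimestamp(s, timezone.utc), p) for i, (s, p) in ordered]

# Log lines abridged from the ones quoted in this thread.
SAMPLE = [
    "2002-06-30 17:46:36 17OmWi-0008TM-00 <= <> H=localhost (intrepid.marinar.com) [127.0.0.1] P=esmtp S=4475",
    "2002-06-30 17:46:36 17OmWf-0008Ss-00 <= bxeasyqual@??? H=p17024.net.upc.nl (24.93.200.32) [212.142.17.24] P=smtp S=3134",
    "2002-06-30 17:46:36 17OmWf-0008Ss-00 Completed",
]

if __name__ == "__main__":
    for msg_id, when, pid in arrivals(SAMPLE):
        print(msg_id, when.isoformat(), "pid", pid)
```

The decoded times are UTC, while the log timestamps are in the server's local time, so compare the IDs with each other rather than with the log clock.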